similar to: EGD requirement a show stopper for me

I feel very silly asking this, because I saw the answer to this question one time and can't remember what it was. OpenSSH uses /dev/urandom or /dev/random which Solaris does not have (verified with a call to the Sun software folks). How do I make OpenSSH happy with a Solaris substitute for /etc/urandom? Thanks Tim Nibbe Supervisor of System Administration Sprint IP Dial Support Services

on solaris7/sparc this device doesn't exists i can use EGD but he very big (perl script!) - in memory it take about 4mb! apache use the same! why ssh1.27 doesn't requre /dev/urandom on solaris? what alternatives exists?

Hi, when running OpenSSH with EGD as entropy source, the sshd server connects to the EGD socket and leaves it open to re-seed on the fly. Unfortunately the connection is not checked when re-seeding, so that a failure or restart of EGD will lead to a "fatal()" abort of the sshd server process. Since a dying server process can not be accepted, I would recommend to not have sshd call it

The usual suspects: Solaris 8 gcc 2.95.2 perl 5.60 egd 0.7 openssl 0.95.a openssh 1.2.3 # egd.pl /etc/entropy --- It works the first few minutes and then just stops working. OpenSSH connections started still work, ssh just hangs with a new connection. I've even tried --bottomless; no joy. 0.6 and Solaris 7 worked great. I'm going to try the /dev/random that was mentioned before. Any

Hi, I've compiled openssh 1.2.2 on Solaris 7/SPARC. On most hosts, things are fine. I get EGD going, compile openssh, and I can then generate hostkeys as described in the INSTALL file to get things running. On a few hosts though, the keygen fails like this: root at sylow:/source/USR_LOCAL/OFFICIAL/OPENSSH/ssh_client# ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' ksh:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A couple of silly errors, and one dangerous bug were in the pre26 release. This release corrects them. http://violet.ibs.com.au/openssh/files/openssh-1.2.1pre27.tar.gz If you want RPMs or any of the other files, please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html Changes: - Using __snprintf is *NOT SAFE* on old Solaris.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A couple of silly errors, and one dangerous bug were in the pre26 release. This release corrects them. http://violet.ibs.com.au/openssh/files/openssh-1.2.1pre27.tar.gz If you want RPMs or any of the other files, please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html Changes: - Using __snprintf is *NOT SAFE* on old Solaris.

Roger Marquis wrote: > [snip] > >It takes all of 2 seconds to generate a ssh 2 new session on a >500Mhz cpu (causing less than 20% utilization). Considering that >99% of even the most heavily loaded servers have more than enough >cpu for this task I don't really see it as an issue. > >Also, by generating a different key for each session you get better >entropy,

Yo All! Sorry if this is obvious but I am new to openssh. I have used the original ssh for a while and am familiar with it (and it's restrictive license). I am trying to port openssh-1.2.1pre24 on to SCO UnixWare 7.1.0. I will post the small patches when it is really running. Two problems, SCO has no /dev/random so I installed egd-0.6. It usually works but sometimes dies. I have sent

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08.11.arc4random Security Advisory The FreeBSD Project Topic: arc4random(9) predictable sequence vulnerability Category: core Module: sys Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08.11.arc4random Security Advisory The FreeBSD Project Topic: arc4random(9) predictable sequence vulnerability Category: core Module: sys Announced:

Now that ssh-rand-helper has been segregated into a separate program, I'd like to revisit an old question about its entropy gathering. - would it be desirable to make it possible for ssh-rand-helper to fall back to external commands if PRNGD cannot be reached, instead of choosing one or the other at compile time? - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,

Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't

There are a couple of issues regarding egd support in OpenSSH. 1) SIGPIPE is not ignored for the master listener daemon. I put the signal() call early on since it needs to be before get_random_bytes() is called but it could also be placed in the EGD version of get_random_bytes(). For some reason, with prngd I am getting SIGPIPE even though the prngd processes is not dying.

I have a need to have the same OpenSSH binaries run on multiple machines which are administered by different people. That means on Solaris, for example, there will be some with /dev/random, some on which I can run prngd because they'll be installing my binaries as root, and some which will have neither because they will be only installed as non-root. Below is a patch to enable choosing all 3

I'm having a bit of trouble generating a host key on an x86 Solaris 8 system. I've gotten the following built and installed: egd-0.7 openssl-0.9.5a openssh-1.2.3 My perl version is 5.005_03. egd is running, and tests fine the egd "make test" and with: #./egd.pl /etc/entropy get 22 sources found forking into background... server starting But when I go to "make

Short question: is it possible to share entropy across all VMs and how can this be done? I found http://vanheusden.com/entropybroker/ which seems to offer a way, but I cannot get it to work, syslog tells me "stack smashing detected". So if there are ways people are currently using I''d be interested to hear them. Currently I find that even generating a gpg key on a PV VM takes

On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the

Hi. I've been playing a bit with "use sound card as an entropy source" idea. This simple program does what I wanted: http://people.freebsd.org/~pjd/misc/sndrand.tbz The program is very simple, it should be run with two arguments: % sndtest /dev/dspW 1048576 > rand.data This command will generate 1MB of random data. With my sound card: pcm0: <Intel ICH3 (82801CA)>

Can anyone verify this and provide a URL for the docs? -- | ``We've all heard that a million monkeys banging on | Damien Miller - | a million typewriters will eventually reproduce the | <djm at mindrot.org> | works of Shakespeare. Now, thanks to the Internet, / | we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org ---------- Forwarded message